CVE-2025-36896
WLAN · WLAN in Android before Multiple Products
Executive summary
A critical vulnerability, identified as CVE-2025-36896, has been discovered in the WLAN component of Android on Google Pixel devices. This flaw allows an attacker to gain elevated privileges on a vulnerable device, potentially leading to a complete system compromise. Due to its critical severity rating (CVSS 9.8), immediate patching is required to prevent potential data theft, malware installation, and unauthorized access to corporate resources.
Vulnerability
This is an elevation of privilege vulnerability within the WLAN (Wi-Fi) component of the Android operating system on Google Pixel devices. An unauthenticated attacker on an adjacent network (i.e., within Wi-Fi range) could potentially exploit this flaw by sending specially crafted wireless packets to a target device. Successful exploitation could lead to arbitrary code execution with kernel-level or system-level privileges, effectively granting the attacker complete control over the device without any user interaction.
Business impact
This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Exploitation could lead to the complete compromise of corporate-issued or employee-owned (BYOD) Google Pixel devices. The potential consequences include theft of sensitive corporate data, interception of communications, installation of persistent spyware or ransomware, and the ability for an attacker to use the compromised device as a pivot point to gain access to the internal corporate network. The lack of required user interaction makes this an easily exploitable vulnerability for attackers within physical proximity of a target.
Remediation
Immediate Action: All affected Google Pixel devices must be updated immediately. Apply the Android Security Patch Level of 2025-09-05 or later as released by the vendor. After patching, monitor devices for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: IT security teams should monitor for anomalous network behavior from mobile devices, such as unexpected connections to malicious IP addresses or unusual data exfiltration patterns. Review device logs for crashes or errors related to the WLAN service (wpa_supplicant, hostapd). Employ Mobile Threat Defense (MTD) solutions to detect suspicious processes or network activity on endpoints.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
- Instruct users to disable Wi-Fi in untrusted environments (e.g., public hotspots) and use cellular data instead.
- Enforce the use of a corporate VPN on all mobile devices to encrypt network traffic.
- Implement network access control (NAC) to restrict network access for devices that have not been patched.
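A fleet check for the patch-level requirement above, written as an added example that is not part of the original advisory: it reads the ro.build.version.security_patch property from every device visible to adb and flags any below 2025-09-05. It assumes the Android platform tools (adb) are installed and the devices are already authorised for debugging.

```shell
#!/bin/sh
# Added example: verify that Google Pixel devices reachable over adb carry the
# Android Security Patch Level that remediates CVE-2025-36896.
# Assumes adb is installed and devices are authorised for debugging.
# The threshold date is the one named in the advisory's remediation section.

REQUIRED_PATCH="2025-09-05"

# patch_is_current PATCH_LEVEL
# Android reports the patch level as YYYY-MM-DD. Returns 0 when the device is at
# or above the required level, 1 when it is still vulnerable, and 2 when the
# value is missing or malformed (treated as unknown, never as patched).
patch_is_current() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Drop the dashes so the dates compare as plain integers (20250905).
    have=$(printf '%s' "$level" | tr -d -)
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -d -)
    [ "$have" -ge "$need" ] || return 1
    return 0
}

# check_device SERIAL: query one device and print a one-line verdict.
check_device() {
    serial="$1"
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
    model=$(adb -s "$serial" shell getprop ro.product.model | tr -d '\r')
    rc=0
    patch_is_current "$level" || rc=$?
    case $rc in
        0) echo "OK         $serial $model patch=$level" ;;
        1) echo "VULNERABLE $serial $model patch=$level (need >= $REQUIRED_PATCH)" ;;
        *) echo "UNKNOWN    $serial $model patch='$level'" ;;
    esac
}

# scan_devices: iterate over every device adb reports as online.
scan_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        check_device "$serial"
    done
}

# Only scan when asked, so the functions can be sourced or tested without adb.
if [ "${1:-}" = "--scan" ]; then
    scan_devices
fi
```

Run with `--scan` against a workstation the devices are connected to; devices reporting UNKNOWN should be investigated rather than assumed patched.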
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9.8, this vulnerability must be treated as a top priority. We strongly recommend that all affected Google Pixel devices within the organization be patched immediately to the September 2025 Android security level or a subsequent version. The potential for a complete, unauthenticated device takeover via an adjacent network represents a significant and immediate threat to corporate data security and network integrity. Organizations should prioritize this patching effort above routine updates.